Publish Secure WMS to ArcGIS Enterprise

02-24-2021 04:51 AM
EinarD
New Contributor II

Hi,

I want to enable WMS for a secure service published to a federated ArcGIS Server (10.7.1). We're using IWA for our Enterprise.

The WMS works fine if the parent map service and the WMS layer are shared with "everyone", but when sharing only to my organization or a portal group, I'm unable to view the WMS.

I also get the error https://pro.arcgis.com/en/pro-app/latest/help/sharing/analyzer-error-messages/00297-layers-must-be-s... which states that it must be shared with everyone. Is this the case, must WMS services be shared with everyone?


Accepted Solutions
lvargas
New Contributor III

Hello @EinarD 

This is expected behavior; OGC services do not support OAuth2 (used for ArcGIS Enterprise authentication), so they must be shared publicly.

https://support.esri.com/en/bugs/nimbus/QlVHLTAwMDA5NTkzOQ==

There are also some other limitations related to OGC services.
https://gis.fema.gov/arcgis/help/en/portal/latest/use/ogc.htm#

The alternatives are:
- If it's a federated environment, publish the layers as public (you could disable the service directory of ArcGIS Server).
- Use an ArcGIS GIS Server stand-alone (without federation) and web-tier authentication, publish, and secure the service.

Regards.


4 Replies
George_Thompson
Esri Frequent Contributor
EinarD
New Contributor II

Thanks George, and yes, I've read this, but based on that I would expect my setup to work, since I'm using IWA and have the same security settings for the parent map service as the WMS. I do wonder if it is different for Stand Alone servers as opposed to Federated ones.

I do see this in the devtools in the browser, strange since Portal and my federated server should trust each other:

Access to XMLHttpRequest at 'https://federatedserver.domain.com/arcgis/services/test/MyMapService/MapServer/WMSServer?SERVICE=WMS...' from origin 'https://Portal.domain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.


MarkMenzel1
New Contributor II

I understand the limitation but it means that we either have extra servers just for WMS or we share our development services to the public, or other groups that shouldn't see it.

Surely Esri can work out a way that the incoming request authenticates against the map service before being redirected to the WMS. WMS does after all have the ability to take in custom parameters.
